[ 58.957555] audit: type=1800 audit(1539258605.992:27): pid=6053 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 60.489873] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 63.649817] random: sshd: uninitialized urandom read (32 bytes read) [ 64.114918] random: sshd: uninitialized urandom read (32 bytes read) [ 67.007476] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.27' (ECDSA) to the list of known hosts. [ 72.770709] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/11 11:50:21 fuzzer started [ 77.405598] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/11 11:50:26 dialing manager at 10.128.0.26:39089 2018/10/11 11:50:26 syscalls: 1 2018/10/11 11:50:26 code coverage: enabled 2018/10/11 11:50:26 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/11 11:50:26 setuid sandbox: enabled 2018/10/11 11:50:26 namespace sandbox: enabled 2018/10/11 11:50:26 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/11 11:50:26 fault injection: enabled 2018/10/11 11:50:26 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/11 11:50:26 net packed injection: /dev/net/tun can't be opened (open /dev/net/tun: cannot allocate memory) 2018/10/11 11:50:26 net device setup: enabled [ 82.282266] random: crng init done 11:52:30 executing program 0: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) 
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a067fffffff81004e220000000058000b4824ca944f64009400050028925aa8000000000000008000f0fffeffff09000000fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1) [ 204.585612] IPVS: ftp: loaded support on port[0] = 21 [ 205.948719] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.955335] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.964224] device bridge_slave_0 entered promiscuous mode [ 206.123260] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.129701] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.138428] device bridge_slave_1 entered promiscuous mode [ 206.280653] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 206.420921] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 206.850134] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 206.997134] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 207.272459] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 207.279523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 207.712182] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 207.720448] team0: Port device team_slave_0 added 11:52:34 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/mcfilter\x00') preadv(r0, &(0x7f0000000180)=[{&(0x7f0000000100)=""/94, 0x5e}], 0x1, 0x1) [ 207.883438] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 207.891668] team0: Port device team_slave_1 added [ 208.146353] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 208.293497] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 208.300690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 208.309841] IPv6: 
ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 208.452959] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 208.460687] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 208.470328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 208.727235] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 208.734985] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 208.744558] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 208.804928] IPVS: ftp: loaded support on port[0] = 21 [ 211.119894] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.126531] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.135033] device bridge_slave_0 entered promiscuous mode [ 211.145763] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.152368] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.159352] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.165974] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.175189] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 211.307513] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.314138] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.322812] device bridge_slave_1 entered promiscuous mode [ 211.535933] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 211.731117] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 211.856000] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 212.504082] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 212.654151] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 212.902371] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 212.909448] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 213.152055] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 213.159136] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth1_to_bond: link becomes ready 11:52:40 executing program 2: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/246) clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) ppoll(&(0x7f0000000000)=[{r0, 0x8340}], 0x1, &(0x7f0000000180)={0x0, r1+30000000}, &(0x7f00000001c0), 0x8) [ 213.959159] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 213.967907] team0: Port device team_slave_0 added [ 214.271315] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 214.279760] team0: Port device team_slave_1 added [ 214.649487] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 214.656753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 214.666032] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 214.831118] IPVS: ftp: loaded support on port[0] = 21 [ 214.996104] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 215.003303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 215.012513] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 215.304519] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 215.312344] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 215.321544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 215.630995] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 215.638832] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 215.648097] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 217.825741] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.832380] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.841015] device bridge_slave_0 entered promiscuous mode [ 218.214067] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.220577] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.229442] device bridge_slave_1 entered promiscuous mode [ 
218.520652] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 218.711156] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.717747] bridge0: port 2(bridge_slave_1) entered forwarding state [ 218.724899] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.731375] bridge0: port 1(bridge_slave_0) entered forwarding state [ 218.740434] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 218.837279] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 219.273545] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 219.804715] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 220.173630] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 220.442520] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 220.449605] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 220.792592] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 220.799818] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 11:52:48 executing program 3: io_setup(0x20, &(0x7f0000000480)=0x0) r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000340)='/dev/md0\x00', 0x0, 0x0) close(r1) syz_open_dev$usbmon(&(0x7f0000000100)='/dev/usbmon#\x00', 0x0, 0x81) io_submit(r0, 0x1, &(0x7f0000000b00)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) [ 221.579527] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 221.588013] team0: Port device team_slave_0 added [ 221.906844] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 221.915172] team0: Port device team_slave_1 added [ 222.240732] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 222.248081] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 222.257240] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 222.553145] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 222.560347] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 
222.569366] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 222.999636] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 223.007430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 223.016863] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 223.124709] 8021q: adding VLAN 0 to HW filter on device bond0 [ 223.156935] IPVS: ftp: loaded support on port[0] = 21 [ 223.329682] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 223.337579] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 223.346944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 224.597176] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 225.982442] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 225.988899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 225.997449] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 226.423242] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.429843] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.438420] device bridge_slave_0 entered promiscuous mode [ 226.815448] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.822091] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.830749] device bridge_slave_1 entered promiscuous mode [ 227.199224] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 227.337982] 8021q: adding VLAN 0 to HW filter on device team0 [ 227.347600] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.354211] bridge0: port 2(bridge_slave_1) entered forwarding state [ 227.361137] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.367729] bridge0: port 1(bridge_slave_0) entered forwarding state [ 227.376754] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 227.585371] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 227.822242] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 228.711620] bond0: 
Enslaving bond_slave_0 as an active interface with an up link [ 229.103386] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 229.469825] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 229.477062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 229.838676] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 229.846009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 230.878980] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 230.887485] team0: Port device team_slave_0 added [ 231.213102] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 231.221353] team0: Port device team_slave_1 added [ 231.631111] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 231.638689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 231.647760] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 231.999160] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 232.006383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 232.015630] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 11:52:59 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x20) [ 232.341339] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 232.349110] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 232.358488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 232.887566] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 232.895406] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 232.904685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 234.212575] IPVS: ftp: loaded support on port[0] = 21 [ 234.535797] 8021q: adding VLAN 0 to HW filter on device bond0 [ 
236.121577] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 11:53:04 executing program 0: sysfs$1(0x1, &(0x7f0000000200)='tmpfs\x00') [ 237.823181] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 237.829629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 237.837940] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 237.911729] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.918313] bridge0: port 2(bridge_slave_1) entered forwarding state [ 237.925390] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.931998] bridge0: port 1(bridge_slave_0) entered forwarding state [ 237.940394] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 11:53:05 executing program 0: r0 = socket$inet6(0xa, 0x1000000000001, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) munmap(&(0x7f0000537000/0x4000)=nil, 0x4000) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84000) r2 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x4, 0x1) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc03300, 0x1, &(0x7f0000000000), 0x1, 0x2000000000002) [ 238.203037] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 238.318245] mmap: syz-executor0 (6888) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. 
[ 238.520596] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.527127] bridge0: port 1(bridge_slave_0) entered disabled state [ 238.535727] device bridge_slave_0 entered promiscuous mode [ 239.037247] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.043894] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.052643] device bridge_slave_1 entered promiscuous mode [ 239.283358] 8021q: adding VLAN 0 to HW filter on device team0 [ 239.514895] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 11:53:06 executing program 0: mincore(&(0x7f00006ca000/0x3000)=nil, 0xffffffffffffff3f, &(0x7f0000c91000)=""/34) shmget(0x3, 0x2000, 0x4, &(0x7f0000ffd000/0x2000)=nil) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x2, 0x0) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r0, 0x80045400, &(0x7f0000000040)) [ 239.972640] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 11:53:07 executing program 0: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070") perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x2, 0x0) ioctl$sock_inet_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000080)) setsockopt$inet_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000540), 0x4) 11:53:08 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x805, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x4) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r1 = accept$inet6(0xffffffffffffff9c, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote}, &(0x7f0000000040)=0x1c) ioctl$sock_proto_private(r1, 0x89e7, 
&(0x7f00000000c0)="64d4c48f466d99ee4785b7d7c3e3960900ec00e8f7966207ff0391a28b5c6e0bde63e4f4fc7bbb4b2376a675d36adb81f977e803ea91430046cb5918507592cad00fdd485e5af14de544f9096a2c947d98f1a6445f9c5d2619172a15e2670e66e98ce3804cab144d5e54b52d2a13f04ee8d9fb289f0d046a50fe40da7d9bda2062092f10730a360b673db63abefc88e36793b176a62c72eb460e0ff21228cadde15820ff34137c8e464a95b757d5a6d63903412f4cf54a725443dcb36d0bcc6280cb8619e394746c57803fc29f2a") write$uinput_user_dev(r0, &(0x7f0000000c80)={'syz1\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) epoll_create(0xde) [ 241.203358] input: syz1 as /devices/virtual/input/input5 [ 241.245031] input: syz1 as /devices/virtual/input/input6 [ 241.388811] bond0: Enslaving bond_slave_0 as an active interface with an up link 11:53:08 executing program 0: unshare(0x20400) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x200000, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000000080)=[@in6={0xa, 0x4e24, 0x5, @remote, 0x401}, @in6={0xa, 0x4e21, 0x2, @remote, 0x8}, @in={0x2, 0x4e23, @multicast2}], 0x48) sendmmsg(r0, &(0x7f0000005c00), 0x0, 0x0) socketpair$nbd(0x2, 0x1, 0x0, &(0x7f0000000000)) [ 241.872889] bond0: Enslaving bond_slave_1 as an active interface with an up link 11:53:09 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vcs\x00', 0x40000, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x80003, 0xff) r3 = semget$private(0x0, 0x3, 0x1) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000080)=0xc) r6 = getegid() stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}) getgid() semctl$IPC_SET(r3, 0x0, 0x1, &(0x7f0000000180)={{0x4, r4, r6, r7, r5, 0x80, 0x5}, 0x0, 0x101, 0x100000001}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) setsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 
&(0x7f0000000240)={{{@in6=@ipv4={[], [], @multicast1}, @in6=@mcast1, 0x4e23, 0x0, 0x4e21, 0x95a4, 0x2, 0x80, 0xa0, 0x4, r8, r4}, {0x81, 0x8, 0x80, 0x8, 0x8, 0x4, 0x31f5, 0x7}, {0x7fffffff, 0x30, 0x200, 0x6}, 0x3, 0x6e6bbc, 0x0, 0x0, 0x1, 0x1}, {{@in6=@loopback, 0x4d4, 0x3c}, 0xa, @in6=@mcast1, 0x3504, 0x0, 0x3, 0x6, 0x3, 0x44, 0x5}}, 0xe8) getsockopt$inet6_int(r2, 0x29, 0x46, &(0x7f0000d7f000), &(0x7f0000000000)=0x4) [ 242.272245] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 242.281621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 11:53:09 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vcs\x00', 0x40000, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x80003, 0xff) r3 = semget$private(0x0, 0x3, 0x1) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000080)=0xc) r6 = getegid() stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}) getgid() semctl$IPC_SET(r3, 0x0, 0x1, &(0x7f0000000180)={{0x4, r4, r6, r7, r5, 0x80, 0x5}, 0x0, 0x101, 0x100000001}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) setsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000240)={{{@in6=@ipv4={[], [], @multicast1}, @in6=@mcast1, 0x4e23, 0x0, 0x4e21, 0x95a4, 0x2, 0x80, 0xa0, 0x4, r8, r4}, {0x81, 0x8, 0x80, 0x8, 0x8, 0x4, 0x31f5, 0x7}, {0x7fffffff, 0x30, 0x200, 0x6}, 0x3, 0x6e6bbc, 0x0, 0x0, 0x1, 0x1}, {{@in6=@loopback, 0x4d4, 0x3c}, 0xa, @in6=@mcast1, 0x3504, 0x0, 0x3, 0x6, 0x3, 0x44, 0x5}}, 0xe8) getsockopt$inet6_int(r2, 0x29, 0x46, &(0x7f0000d7f000), &(0x7f0000000000)=0x4) [ 242.798590] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 242.806069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 244.023845] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 244.032305] team0: Port device team_slave_0 added [ 244.130564] 
8021q: adding VLAN 0 to HW filter on device bond0 [ 244.367038] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 244.375280] team0: Port device team_slave_1 added [ 244.720305] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 244.727485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 244.736381] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 245.047320] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 245.054706] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 245.063684] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 245.235140] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 245.387676] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 245.395372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 245.404477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 245.609987] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 245.617975] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 245.627064] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 246.258696] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 246.265205] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 246.273160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 247.466089] 8021q: adding VLAN 0 to HW filter on device team0 11:53:15 executing program 1: socketpair$inet(0x2, 0x1, 0x81, &(0x7f0000000000)) [ 249.006767] bridge0: port 2(bridge_slave_1) entered blocking state [ 249.013343] bridge0: port 2(bridge_slave_1) entered forwarding state [ 249.020290] bridge0: port 1(bridge_slave_0) entered blocking state [ 249.026908] bridge0: port 1(bridge_slave_0) entered forwarding state [ 249.035430] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 249.043380] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 251.379677] 8021q: adding VLAN 0 to HW filter on 
device bond0 [ 252.091625] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 252.931310] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 252.937984] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 252.946445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 11:53:20 executing program 2: clock_gettime(0x4, &(0x7f0000000080)) [ 253.764617] 8021q: adding VLAN 0 to HW filter on device team0 [ 256.579686] 8021q: adding VLAN 0 to HW filter on device bond0 [ 257.109543] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 11:53:24 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f00004c0000)={0xa, 0x3, 0x0, @ipv4}, 0x1c) listen(r1, 0x903) r2 = socket$inet6_sctp(0xa, 0x4000000000000001, 0x84) sendto$inet6(r2, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x3, 0x0, @loopback}, 0x1c) [ 257.649899] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 257.656508] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 257.664553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 257.977227] 8021q: adding VLAN 0 to HW filter on device team0 11:53:26 executing program 4: r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000001c0), 0xc, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001800210a000000000000000000000000000000013768ee8ec7a7c04f6835bcc01eabf995b08b82cc00000000000000000000000000"], 0x1}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0) 11:53:26 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vcs\x00', 0x40000, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x80003, 0xff) r3 = semget$private(0x0, 0x3, 0x1) getsockopt$sock_cred(r0, 0x1, 0x11, 
&(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000080)=0xc) r6 = getegid() stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}) getgid() semctl$IPC_SET(r3, 0x0, 0x1, &(0x7f0000000180)={{0x4, r4, r6, r7, r5, 0x80, 0x5}, 0x0, 0x101, 0x100000001}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) setsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000240)={{{@in6=@ipv4={[], [], @multicast1}, @in6=@mcast1, 0x4e23, 0x0, 0x4e21, 0x95a4, 0x2, 0x80, 0xa0, 0x4, r8, r4}, {0x81, 0x8, 0x80, 0x8, 0x8, 0x4, 0x31f5, 0x7}, {0x7fffffff, 0x30, 0x200, 0x6}, 0x3, 0x6e6bbc, 0x0, 0x0, 0x1, 0x1}, {{@in6=@loopback, 0x4d4, 0x3c}, 0xa, @in6=@mcast1, 0x3504, 0x0, 0x3, 0x6, 0x3, 0x44, 0x5}}, 0xe8) getsockopt$inet6_int(r2, 0x29, 0x46, &(0x7f0000d7f000), &(0x7f0000000000)=0x4) 11:53:26 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vcs\x00', 0x40000, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x80003, 0xff) r3 = semget$private(0x0, 0x3, 0x1) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000080)=0xc) r6 = getegid() stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}) getgid() semctl$IPC_SET(r3, 0x0, 0x1, &(0x7f0000000180)={{0x4, r4, r6, r7, r5, 0x80, 0x5}, 0x0, 0x101, 0x100000001}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) setsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000240)={{{@in6=@ipv4={[], [], @multicast1}, @in6=@mcast1, 0x4e23, 0x0, 0x4e21, 0x95a4, 0x2, 0x80, 0xa0, 0x4, r8, r4}, {0x81, 0x8, 0x80, 0x8, 0x8, 0x4, 0x31f5, 0x7}, {0x7fffffff, 0x30, 0x200, 0x6}, 0x3, 0x6e6bbc, 0x0, 0x0, 0x1, 0x1}, {{@in6=@loopback, 0x4d4, 0x3c}, 0xa, @in6=@mcast1, 0x3504, 0x0, 0x3, 0x6, 0x3, 0x44, 0x5}}, 0xe8) getsockopt$inet6_int(r2, 0x29, 0x46, &(0x7f0000d7f000), &(0x7f0000000000)=0x4) 11:53:26 executing program 2: 
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000500)={0x10000009, 0xffffffffffffffff}) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x1}) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f00000000c0)={0x100000001}) 11:53:26 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f00000000c0)={0xa6a9, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88) 11:53:26 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000002c0)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100), 0x0) 11:53:27 executing program 3: r0 = socket$inet6(0xa, 0x81000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x480, &(0x7f00000000c0)=""/132, &(0x7f0000000180)=0x84) 11:53:27 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vcs\x00', 0x40000, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x80003, 0xff) r3 = semget$private(0x0, 0x3, 0x1) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000080)=0xc) r6 = getegid() stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}) getgid() semctl$IPC_SET(r3, 0x0, 0x1, &(0x7f0000000180)={{0x4, r4, r6, r7, r5, 0x80, 0x5}, 0x0, 0x101, 0x100000001}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) setsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000240)={{{@in6=@ipv4={[], 
[], @multicast1}, @in6=@mcast1, 0x4e23, 0x0, 0x4e21, 0x95a4, 0x2, 0x80, 0xa0, 0x4, r8, r4}, {0x81, 0x8, 0x80, 0x8, 0x8, 0x4, 0x31f5, 0x7}, {0x7fffffff, 0x30, 0x200, 0x6}, 0x3, 0x6e6bbc, 0x0, 0x0, 0x1, 0x1}, {{@in6=@loopback, 0x4d4, 0x3c}, 0xa, @in6=@mcast1, 0x3504, 0x0, 0x3, 0x6, 0x3, 0x44, 0x5}}, 0xe8) getsockopt$inet6_int(r2, 0x29, 0x46, &(0x7f0000d7f000), &(0x7f0000000000)=0x4) 11:53:27 executing program 1: r0 = socket$inet6(0xa, 0x81000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000), &(0x7f0000000080)=0x4) 11:53:27 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f000000cfe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000040), 0x4) 11:53:28 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vcs\x00', 0x40000, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x80003, 0xff) r3 = semget$private(0x0, 0x3, 0x1) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000080)=0xc) r6 = getegid() stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}) getgid() semctl$IPC_SET(r3, 0x0, 0x1, &(0x7f0000000180)={{0x4, r4, r6, r7, r5, 0x80, 0x5}, 0x0, 0x101, 0x100000001}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'vcan0\x00'}) getsockopt$inet6_int(r2, 0x29, 0x46, &(0x7f0000d7f000), &(0x7f0000000000)=0x4) 11:53:28 executing program 4: r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000001c0), 0xc, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001800210a000000000000000000000000000000013768ee8ec7a7c04f6835bcc01eabf995b08b82cc00000000000000000000000000"], 0x1}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x0, 0x0, 
&(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0) 11:53:28 executing program 1: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) socket$packet(0x11, 0x2, 0x300) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae68, &(0x7f0000000080)={0x2000, 0x4000}) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x8000000000000008, 0x2000}, &(0x7f00000002c0)) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000004f000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000100)="26410f300f01c90f06643e400f01c9420f758e000000002ef3400fb8e566baf80cb8ac8abd80ef66bafc0cedd2fe0f01ca66ba4000ec", 0x36}], 0x1, 0x0, &(0x7f00000001c0), 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060", 0x3f}], 0x1, 0x0, &(0x7f00000002c0), 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 261.634143] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 
[ 261.721549] ==================================================================
[ 261.728989] BUG: KMSAN: uninit-value in vmx_set_constant_host_state+0x1778/0x1830
[ 261.736641] CPU: 1 PID: 7527 Comm: syz-executor1 Not tainted 4.19.0-rc4+ #66
[ 261.743850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 261.753209] Call Trace:
[ 261.755824] dump_stack+0x306/0x460
[ 261.759505] ? vmx_set_constant_host_state+0x1778/0x1830
[ 261.764990] kmsan_report+0x1a2/0x2e0
[ 261.768830] __msan_warning+0x7c/0xe0
[ 261.772672] vmx_set_constant_host_state+0x1778/0x1830
[ 261.778047] vmx_create_vcpu+0x3e6f/0x7870
[ 261.782327] ? kmsan_set_origin_inline+0x6b/0x120
[ 261.787218] ? __msan_poison_alloca+0x17a/0x210
[ 261.791928] ? vmx_vm_init+0x340/0x340
[ 261.795839] kvm_arch_vcpu_create+0x25d/0x2f0
[ 261.800365] kvm_vm_ioctl+0x13fd/0x33d0
[ 261.804406] ? __msan_poison_alloca+0x17a/0x210
[ 261.809134] ? do_vfs_ioctl+0x18a/0x2810
[ 261.813208] ? __se_sys_ioctl+0x1da/0x270
[ 261.817377] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 261.822243] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 261.827140] do_vfs_ioctl+0xcf3/0x2810
[ 261.831072] ? security_file_ioctl+0x92/0x200
[ 261.835632] __se_sys_ioctl+0x1da/0x270
[ 261.839644] __x64_sys_ioctl+0x4a/0x70
[ 261.843572] do_syscall_64+0xbe/0x100
[ 261.847418] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 261.852626] RIP: 0033:0x457519
[ 261.855876] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 261.874804] RSP: 002b:00007f405bacbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 261.882529] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519
[ 261.889815] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 261.897100] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 261.904384] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f405bacc6d4
[ 261.911668] R13: 00000000004bfbb7 R14: 00000000004cfc40 R15: 00000000ffffffff
[ 261.918973]
[ 261.920608] Local variable description: ----dt@vmx_set_constant_host_state
[ 261.927623] Variable was created at:
[ 261.931366] vmx_set_constant_host_state+0x2b0/0x1830
[ 261.937044] vmx_create_vcpu+0x3e6f/0x7870
[ 261.941287] ==================================================================
[ 261.948661] Disabling lock debugging due to kernel taint
[ 261.954128] Kernel panic - not syncing: panic_on_warn set ...
[ 261.954128]
[ 261.961542] CPU: 1 PID: 7527 Comm: syz-executor1 Tainted: G B 4.19.0-rc4+ #66
[ 261.970138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 261.979532] Call Trace:
[ 261.982140] dump_stack+0x306/0x460
[ 261.985856] panic+0x54c/0xafa
[ 261.989146] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 261.994624] kmsan_report+0x2d3/0x2e0
[ 261.998465] __msan_warning+0x7c/0xe0
[ 262.002309] vmx_set_constant_host_state+0x1778/0x1830
[ 262.007629] vmx_create_vcpu+0x3e6f/0x7870
[ 262.011893] ? kmsan_set_origin_inline+0x6b/0x120
[ 262.016773] ? __msan_poison_alloca+0x17a/0x210
[ 262.021492] ? vmx_vm_init+0x340/0x340
[ 262.025426] kvm_arch_vcpu_create+0x25d/0x2f0
[ 262.029963] kvm_vm_ioctl+0x13fd/0x33d0
[ 262.033991] ? __msan_poison_alloca+0x17a/0x210
[ 262.038730] ? do_vfs_ioctl+0x18a/0x2810
[ 262.042827] ? __se_sys_ioctl+0x1da/0x270
[ 262.047004] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 262.051886] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 262.056758] do_vfs_ioctl+0xcf3/0x2810
[ 262.060708] ? security_file_ioctl+0x92/0x200
[ 262.065247] __se_sys_ioctl+0x1da/0x270
[ 262.069265] __x64_sys_ioctl+0x4a/0x70
[ 262.073199] do_syscall_64+0xbe/0x100
[ 262.077036] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 262.082310] RIP: 0033:0x457519
[ 262.085521] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 262.104436] RSP: 002b:00007f405bacbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 262.112171] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519
[ 262.119452] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 262.126735] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 262.134024] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f405bacc6d4
[ 262.141400] R13: 00000000004bfbb7 R14: 00000000004cfc40 R15: 00000000ffffffff
[ 262.149741] Kernel Offset: disabled
[ 262.153389] Rebooting in 86400 seconds..